Re: R: New domains (was: URIWhois plugin)

Quoting Kenneth Porter <[EMAIL PROTECTED]>: > --On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni > <[EMAIL PROTECTED]> wrote: > > > The only problem is that a spammer could "query" it days before it will > > bulk send, thereby impairing the effectiveness of such approach. > > > >

Re: R: New domains (was: URIWhois plugin)

--On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni <[EMAIL PROTECTED]> wrote: The only problem is that a spammer could "query" it days before it will bulk send, thereby impairing the effectiveness of such approach. I think we need some "official" data like the domain's creatio

Re: New domains (was: URIWhois plugin)

> 2. As mentioned above the whois data is sometimes populated *after* the > domains > start appearing in spams. Remember that the whois data is still mostly batch > processed once or twice a day. Many of the TLD zone files (where the DNS > delegations actually come from) are updated in near real

Re: New domains (was: URIWhois plugin)

Quoting Jonas Eckerman <[EMAIL PROTECTED]>: > (The idea below is not mine, someone else (I'm sorry, but I > forgot who) wrote about it here (I think) before.) > > Giampaolo Tomassoni wrote: > > > brand-new domains, > > Something that could work for this without the problems inherent > in using who

R: New domains (was: URIWhois plugin)

> -Messaggio originale- > Da: Jonas Eckerman [mailto:[EMAIL PROTECTED] > Inviato: giovedì 27 settembre 2007 18.17 > A: users@spamassassin.apache.org > Oggetto: New domains (was: URIWhois plugin) > > (The idea below is not mine, someone else (I'm sorry, but I &g

New domains (was: URIWhois plugin)

(The idea below is not mine, someone else (I'm sorry, but I forgot who) wrote about it here (I think) before.) Giampaolo Tomassoni wrote: brand-new domains, Something that could work for this without the problems inherent in using whois or registry databases is to simply check how long ago

Re: R: URIWhois plugin

Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: > How do they "handle these domains in a centralized way"? Do they simply > relay a whois request for not-yet-seen domains? Because in this case they > have to tune their whois parsers a bit: dob.sibl.support-intelligence.net, > in example, reports

R: URIWhois plugin

> -Messaggio originale- > Da: Jeff Chan [mailto:[EMAIL PROTECTED] > > In principle, this is a good concept; using domain whois data to spot > bad > domains can be useful. > > In practice, it's a really, really, really bad idea since the public > whois > infrastructure is not designed for

Re: URIWhois plugin

Jeff Chan wrote: In principle, this is a good concept; using domain whois data to spot bad domains can be useful. In practice, it's a really, really, really bad idea since the public whois infrastructure is not designed for this kind of high volume use. If many people did it, it would result

Re: URIWhois plugin

Quoting Giampaolo Tomassoni <[EMAIL PROTECTED]>: > Dears, > > well, I just did version 0.01 of the URIWhois plugin. > > Its purpose is mainly to detect some spam containing URIs to sites in > brand-new domains, or having some conflict in whois and dns records, or > b

URIWhois plugin

Dears, well, I just did version 0.01 of the URIWhois plugin. Its purpose is mainly to detect some spam containing URIs to sites in brand-new domains, or having some conflict in whois and dns records, or being driven by specific dns servers. So, it is meant to do something I believe someone else